Microsoft 365 CIS Assessment
Microsoft 365 Security and Compliance Assessment Using a Global Reader Account
ABOUT
SmartProfiler for M365 CIS Assessment
SmartProfiler for Office 365 Assessment is an automated Health & Risk assessment solution to help you significantly improve your Microsoft Office 365 ecosystem health & security posture. SmartProfiler for Office 365 Assessment follows CIS-Workbench controls and other tests designed by our Office 365 experts. Services covered: MSOnline, EXO, Teams, SharePoint, OneDrive, and Azure AD.
The Center for Internet Security is a nonprofit entity whose mission is to ‘identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.’ It draws on the expertise of cybersecurity and IT professionals from government, business, and academia from around the world. To develop standards and best practices, including CIS benchmarks, controls, and hardened images, they follow a consensus decision-making model. SmartProfiler is designed to support CIS Standards designed for Office 365 and Azure Assessments.
Requirements
M365 Assessment Requirements
A Global Reader Account
SmartProfiler needs a Global Reader Account in order to connect to the Microsoft 365 Tenant and gather the information needed for analysis. An Azure Application does not need to be registered in order to collect data.
Read-Only Operation
SmartProfiler is a read-only product, and no write operation is ever made to the target while it is being assessed.
Microsoft PowerShell Modules
PowerShell modules are already included in the product, so installing them is not necessary before running the assessment. Before beginning the assessment, the product automatically imports PowerShell modules.
Three-step assessment
Quick Assessment
STEP 1 – Register Microsoft 365 Tenant
In Step 1, register the Office 365 tenant with the SmartProfiler Assessment Tool. You need to provide the Office 365 domains and Global Admin Reader account credentials in order to perform the assessment.
STEP 2 – Execute Assessment
In Step 2, you execute the Office 365 assessment. All Office 365 categories are executed. However, you have the option to execute individual categories.
STEP 3 – Assessment Summary
Once the assessment has been executed successfully for the Office 365 subscription, you can see the Assessment Summary, which includes the assessment impact and recommendations to fix the items identified. Here you have the option to generate an Assessment Report in Microsoft Word format.
STEP 3 – Generate Report
You can generate the report in Word format, and all reports generated by SmartProfiler can be branded.
assessment categories
Get Everything You Need With Just One Tool for Microsoft 365 CIS Assessment
SmartProfiler for Microsoft 365 supports all CIS categories and additional tests (about 44 of them) designed by our Microsoft 365 experts.
Users
Performs several tests related to Office 365 users. There are more than 13 tests performed for all Office 365 Users.
Exchange Online
Performs tests related to Exchange Online and Email. Policies, Email Forwarding, Mailboxes on Litigation hold, and several other tests are performed. Exchange Online category includes 30 tests.
Accounts & Authentication
Performs all tests related to Azure Active Directory authentication, including ensuring that all MFA users and Office roles are using MFA. There are 23 tests performed.
Configuration
There are 12 tests performed for Office 365 configuration. The tests range from License Consumption to Directory Synchronization configuration.
Application Permissions
Includes tests such as ensuring third-party integration is disabled, calendar sharing with external users is disabled, and the admin consent workflow is enabled, along with other relevant tests that are necessary to check for an Office 365 subscription. 11 tests are available in the Application Permissions category.
Data Management
In the Data Management category, tests related to DLP, external sharing, SharePoint Online protection and other relevant tests are performed. 7 tests are available in the Data Management category.
Auditing
Auditing tests include checking AD-Risky Sign-In reports, ensuring mail-forwarding rules are reviewed, and other relevant auditing tests. However, some auditing items need to be checked weekly and require manual intervention. There are a total of 16 tests available in the Auditing category.
Storage
Tests such as "Ensure document sharing is being controlled by domains with whitelist or blacklist" and "Block OneDrive for Business sync from unmanaged devices", along with other storage tests, are checked and reported.
Mobile Device Management
Mobile Device Management category includes more than 22 tests which are performed to ensure mobile devices have necessary policies configured.
“We have used SmartProfiler for our clients”
The best feature of SmartProfiler is that it can perform the assessment without a Global Admin account and without needing the registration of an Azure AD application. Because it only required a Global Reader Account, we were able to use the tool effectively for our clients and clients could allow us to conduct the assessment!
Fully Automated
SmartProfiler for M365 is a fully automated solution
Instead of manually gathering data, which could take a significant amount of time, SmartProfiler for M365 has automated all the tests to ensure that the assessment is completed in a matter of hours.
Pricing
Simple Pricing
SmartProfiler for M365 is charged per registered Tenant.
FREE VERSION
- Register Single Tenant
- Execute Assessment for All M365 Services
- View Number Of Issues Found
- View Issues in Console
  Issue name will be hidden
- Generate Word Report
- Generate Affected Objects Excel Summary
PAID VERSION
- Register Multiple Tenants
- Execute Assessment for All M365 Services
- View Number Of Issues Found
- View Issues in Console
- Generate Word Report
- Generate Affected Objects Excel Summary